authorized_keys2 directory idea
Jason Stone
jason at shalott.net
Mon Jun 4 18:23:15 EST 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Incompatibility sucks.
>
> OpenSSH is security software. A lot of you keep asking for more and
> more features, and the code keeps growing and growing and growing.
> Assuming that the number of lines per bug is a constant, how long
> before one of these features which noone uses becomes a hole?
>
> I think it is ridiculous how some people keep demanding change.
>
> Sorry, but I firmly believe that change for the sake of "I like it" is
> stupid.
I agree. However, taking such a stand brings with it a risk of
psuedo-forking. You say you won't take this patch because the feature is
unnecesary bloat. The patch writer says okay, and just rolls it in
himself on all his boxes. He also posts it on his website, and all the
other people who liked the idea download it and roll it into their local
installations.
Now bug reports start coming in, and incompatibilities start creeping in,
and if neither the bug reporter nor the developers realize that the
version in question has such an "un-authorized" patch, confusion will
result.
How many patches are already in this state? SecurID? SRP? Some sftp
chroot thing? Others? Again, I don't disagree with your statement, but
the resultant risk should also be considered.
-Jason
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg
iD8DBQE7G0V2swXMWWtptckRAvbrAJ4lST/reVBwdWFnUzWkPy/MiImmZACgxys3
BcDSNhpiXsSlSvjBx6TjS7M=
=BdQE
-----END PGP SIGNATURE-----
More information about the openssh-unix-dev
mailing list